vulnerability
WordPress Plugin: bdvs-password-reset: CVE-2023-35039: Weak Password Recovery Mechanism for Forgotten Password
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Aug 14, 2023 | May 15, 2025 | Jun 24, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Aug 14, 2023
Added
May 15, 2025
Modified
Jun 24, 2025
Description
The Password Reset with Code for WordPress REST API is vulnerable to a Weak Password Recovery Mechanism in versions up to, and including, 0.0.15. This allows unauthenticated attackers to set a 4-digit password recovery code for arbitrary users that, if guessed correctly, will allow them to reset the password for that user. Although each code is only allowed 3 tries by default, there is no restriction on the number of code generation attempts allowed, effectively reducing the entropy of the password reset mechanism to 4 digits. Additionally the code generation mechanism uses str_shuffle which does not use a cryptographically secure PNRG.
Solution
bdvs-password-reset-plugin-cve-2023-35039
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.